Privacy Intern
Xpansiv
Posted: Apr 15, 2026
Location: Remote
Type: Full-time
Mission
What you will drive
Position summary
We are seeking a Privacy Intern to support the Risk & Compliance Department in maturing our enterprise privacy program. The initial focus will be to help refine and expand our GDPR privacy obligation matrices and support the documentation of required processing registers with the EU and across the globe. If time permits, the intern will also contribute to broader privacy program buildout activities.
Key responsibilities
Support development and maintenance of GDPR privacy obligation matrices (e.g., mapping obligations to controls, owners, evidence, and documentation requirements).
Assist in reviewing and updating Records of Processing Activities (RoPA) and related processing register documentation for EU operations.
Conduct research on international privacy obligations and interpret requirements into practical documentation and program artifacts.
Partner with internal stakeholders to collect required information (e.g., purposes of processing, data categories, retention, transfers, processors/sub-processors, security measures).
Identify documentation gaps and propose improvements to privacy governance processes and templates.
Help prepare materials to support privacy program buildout (e.g., procedures, playbooks, trackers, audit-ready evidence files) as time permits.
Maintain organized, high-quality documentation with strong version control and traceability.
Qualifications
Currently pursuing a later-stage undergraduate degree or a graduate degree (Master’s or Juris Doctor / law degree preferred) in a related field (e.g., law, privacy, compliance, risk management, information security, public policy, or business).
Strong understanding of GDPR concepts and key privacy program structures (e.g., RoPA, lawful bases, DPIAs, data subject rights, data transfers, controller/processor roles).
Exceptional attention to detail and ability to produce clear, well-structured documentation.
Self-motivated, driven, and comfortable working independently with minimal supervision.
High curiosity and willingness to learn and ask thoughtful questions.
Strong written communication and stakeholder coordination skills.
Preferred / bonus skills
Coursework or experience with international privacy regulations (e.g., EU and UK GDPR, U.S. state privacy laws).
Exposure to privacy operational artifacts such as DPIAs/PIAs, vendor/processor assessments, and transfer impact assessments.
Comfort working with structured trackers and matrices (Excel/Sheets) and maintaining documentation quality at scale.
Familiarity with common privacy or GRC tooling (e.g., OneTrust or similar), not required.
Core competencies
Analytical thinking: able to translate regulatory text into actionable requirements.
Documentation excellence: produces organized, consistent, audit-ready work products.
Accountability/Ownership: follows through on tasks and proactively manages open items.
Collaboration: works effectively with Legal, Security, Product, and operational teams.
Integrity and discretion: handles sensitive information appropriately.
About
Inside Xpansiv
Empowering transparent, credible environmental claims for assured climate action and sustainability performance.